package com.hardydou.framework.auth;

import com.hardydou.framework.humanskill.HumanSkillConfig;
import org.springframework.beans.factory.annotation.Configurable;
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;


/**
 * @author hardy
 */
@Configurable
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class AuthConfig extends WebSecurityConfigurerAdapter {


    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/static/**").permitAll()
                .antMatchers("/public/**").permitAll()
                .antMatchers("/favicon.ico").permitAll()
                .antMatchers("/error").permitAll()
                .antMatchers("/error/**").permitAll()
                .antMatchers("/login").permitAll()
                .antMatchers("/logout").permitAll()
                .antMatchers("/api/**").permitAll()
                .antMatchers(HumanSkillConfig.REQ_PATH + "/**").permitAll()
                .antMatchers("/druid/**").hasAuthority("system:druid")
                .antMatchers("/swagger/**").hasAuthority("system:swagger")
                .antMatchers("/wss/**").hasAuthority("wss")
                .antMatchers("/system/profile").authenticated()

                .anyRequest().access("@appAuthService.auth(request,authentication)")
                .and().formLogin()
                .successHandler(getAuthSuccessHandler())
                .loginPage("/login")
                .failureHandler(getAuthFailHandler()).permitAll()
                .and().logout()
                .logoutUrl("/logout")
                .logoutSuccessUrl("/login?logout=true").permitAll()
                .and()
                .headers().frameOptions().sameOrigin()//支持 iframe
                .and()
                .csrf().disable()//druid 获取数据失败
        ;
        http.addFilterBefore(new HumanSkillConfig.HumanVerifyFilter(getAuthFailHandler()), UsernamePasswordAuthenticationFilter.class);
    }

    @Bean
    public AuthSuccessHandler getAuthSuccessHandler() {
        return new AuthSuccessHandler();
    }

    @Bean
    public AuthFailHandler getAuthFailHandler() {
        return new AuthFailHandler();
    }

}
